I just recently set up my own instance vlemmy.net and am wondering whats the consensus on email verification? I myself am quite privacy conscious and would understand people not wanting to sign up with an email, but if no email is required would there be a spam risk, your insight would be much appreciated, thanks.
I think currently the best option to keep an eye on user accounts is to require admin approval with some text they have to write.
Requiring email does not stop spammers at all these days. It basically just ensures people can reset their passwords.
Do you think it would be important to have it enabled so that everyone who joins has a recovery factor? Mabye reduce the number of lost accounts?
I don’t make it mandatory on our instance, but the amount of people that forget their passwords is staggering. I think many people just don’t bother with remembering their passwords at all and just depend on the password reset feature when they switch devices or so.
I’ve found email verification is finnicky to say the least. The Lemmy UI has some issues with users being stuck with spinning icons at various points for a start.
In the back end… email is a pain. If you’re using a public cloud VM and using the Lemmy provided docker/ansible postfix image, your users are unlikely to receive the verification emails as your server’s IP address is likely n a DNSBL somewhere.
If you use a third party SMTP service you may have more luck… but even then you’ll likely have issues.
I’ve disable email verification for these reasons, and rely on the answer to the signup question to vet applicants.